https://github.com/spithash/dd-wrt-update-suricata-rules-automatically

This is a simple script for updating Emerging Threats rules files and restarting suricata on dd-wrt

dd-wrt emergingthreats entware suricata


# Updating Emerging Threats Rules on DD-WRT & Restarting Suricata
This is a simple script that updates the Emerging Threats rules files and restarts Suricata on DD-WRT. Keeping rules updated for the win.

## Installing from the terminal (ssh)
> Entware is required; see more here: https://wiki.dd-wrt.com/wiki/index.php/Installing_Entware

1) Copy `et-update.sh` to your `/opt/bin/` folder and give it execute permissions: `chmod +x /opt/bin/et-update.sh`
2) Install cron on DD-WRT with `opkg install cron` if you don't have it already.
3) Go to your DD-WRT web interface, open the *Administration -> Management* tab and, in the **Cron** section where it says *Additional Cron Jobs*, paste this line: `0 0 * * * root /bin/sh -c /opt/bin/et-update.sh > /dev/null 2>&1`
4) In your terminal, run the command `stopservice crond && startservice crond` and you're done.

It is important, though, to change the `suricata-4.1.8` part of the URL the script fetches the rules from so that it matches your version of Suricata (or leave it as is if you're on the same version). To find yours, simply run `suricata -V`; mine says *"This is Suricata version 4.1.8 RELEASE"*, so I changed it to **4.1.8**.
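One way to catch a stale version pin before the nightly job fetches rules for the wrong release, as an added example that is not part of this repository: it compares the version in the `suricata -V` banner with the `suricata-X.Y.Z` string found in the script. The function names are hypothetical, and the URL line in the demo is a constructed stand-in, not copied from `et-update.sh`.

```shell
#!/bin/sh
# Added example, not part of et-update.sh; function names are hypothetical.

# Print X.Y.Z from a `suricata -V` banner; return 1 if none is found.
banner_version() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/.*Suricata version \([0-9][0-9.]*[0-9]\).*/\1/p' | head -n 1)
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Print the X.Y.Z pinned as "suricata-X.Y.Z" in file $1; return 1 if none.
pinned_version() {
    [ -r "$1" ] || return 1
    v=$(sed -n 's/.*suricata-\([0-9][0-9.]*[0-9]\).*/\1/p' "$1" | head -n 1)
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# $1 = banner text, $2 = script path.
# Returns 0 on match, 1 on drift, 2 if either version cannot be determined.
check_pin() {
    installed=$(banner_version "$1") || { echo "cannot parse banner" >&2; return 2; }
    pinned=$(pinned_version "$2") || { echo "no suricata-X.Y.Z in $2" >&2; return 2; }
    if [ "$installed" = "$pinned" ]; then
        echo "ok: rules URL matches Suricata $installed"
        return 0
    fi
    echo "mismatch: installed $installed, script pins $pinned" >&2
    return 1
}

# Demo on constructed input (the URL line is a stand-in, not taken from the script).
demo=$(mktemp)
echo 'URL="https://rules.emergingthreats.net/open/suricata-4.1.8/emerging.rules.tar.gz"' > "$demo"
check_pin "This is Suricata version 4.1.8 RELEASE" "$demo"
check_pin "This is Suricata version 6.0.10 RELEASE" "$demo" || echo "exit status: $?"
rm -f "$demo"
# On the router: check_pin "$(suricata -V 2>&1)" /opt/bin/et-update.sh
```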

By default this cron job will run every day at 00:00.

I personally run suricata on the **br0** interface, but it's up to you to change that. Use `ifconfig` to find the interface that suits you.

Hope someone finds it useful, enjoy :)

### Shoutouts

@OISF

https://rules.emergingthreats.net/

### DEMO:
This is what it looks like if you run `et-update.sh` manually on the command line:

![Demo Updating Emerging Threats rules on DD-WRT and restarting suricata on SSH manually](https://github.com/spithash/trunk/blob/master/emerging-threats-rules-update-suricata-dd-wrt.gif?raw=true)